Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 5c234aa5e33ed9037354a4c94d0d3e0350abe5eb^! / . / fs / cifs
commit5c234aa5e33ed9037354a4c94d0d3e0350abe5eb[log] [tgz]
authorShirish Pargaonkar <shirishpargaonkar@gmail.com>Thu Aug 29 08:35:10 2013 -0500
committerSteve French <smfrench@gmail.com>Sun Sep 08 14:47:49 2013 -0500
tree8576ec4eb00a2adca7517d6bee0bc4a781c21ab8
parentd4e63bd6e40da30e965e8947b98ba75c6b973c62 [diff]
cifs: Add a variable specific to NTLMSSP for key exchange.

Add a variable specific to NTLMSSP authentication to determine
whether to exchange keys during negotiation and authentication phases.

Since session key for smb1 is per smb connection, once a very first
sesion is established, there is no need for key exchange during
subsequent session setups. As a result, smb1 session setup code sets this
variable as false.

Since session key for smb2 and smb3 is per smb connection, we need to
exchange keys to generate session key for every sesion being established.
As a result, smb2/3 session setup code sets this variable as true.

Acked-by: Jeff Layton <jlayton@samba.org>
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Steve French <smfrench@gmail.com>

diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index fb186f7..20c7f8f 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h

@@ -131,6 +131,7 @@
 
 /* per smb session structure/fields */
 struct ntlmssp_auth {
+	bool sesskey_per_smbsess; /* whether session key is per smb session */
 	__u32 client_flags; /* sent by client in type 1 ntlmsssp exchange */
 	__u32 server_flags; /* sent by server in type 2 ntlmssp exchange */
 	unsigned char ciphertext[CIFS_CPHTXT_SIZE]; /* sent to server */

diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index acea6c4..5f99b7f 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c

@@ -428,7 +428,8 @@
 		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
 	if (ses->server->sign) {
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
-		if (!ses->server->session_estab)
+		if (!ses->server->session_estab ||
+				ses->ntlmssp->sesskey_per_smbsess)
 			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
 	}
 
@@ -466,7 +467,8 @@
 		NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_EXTENDED_SEC;
 	if (ses->server->sign) {
 		flags |= NTLMSSP_NEGOTIATE_SIGN;
-		if (!ses->server->session_estab)
+		if (!ses->server->session_estab ||
+				ses->ntlmssp->sesskey_per_smbsess)
 			flags |= NTLMSSP_NEGOTIATE_KEY_XCH;
 	}
 
@@ -641,6 +643,8 @@
 		ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
 		if (!ses->ntlmssp)
 			return -ENOMEM;
+		ses->ntlmssp->sesskey_per_smbsess = false;
+
 	}
 
 ssetup_ntlmssp_authenticate:

diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index f56cf99..3d01076 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c

@@ -491,6 +491,7 @@
 	ses->ntlmssp = kmalloc(sizeof(struct ntlmssp_auth), GFP_KERNEL);
 	if (!ses->ntlmssp)
 		return -ENOMEM;
+	ses->ntlmssp->sesskey_per_smbsess = true;
 
 	/* FIXME: allow for other auth types besides NTLMSSP (e.g. krb5) */
 	ses->sectype = RawNTLMSSP;